Our Blog

Deploying app ENV variables with Rbenv, Passenger and Capistrano

New: Intercity now makes it really easy to configure Environment Variables for
your Rails app. Take a look this announcement: New in Intercity: Environment
Variables per Rails app.

Rails 4.1 now has a secrets.yml file where you can store secrets, API keys,
passwords, etc. to be used for your application. The secrets.yml is also the
default file to specify the SECRET_KEY_BASE for your app. In development and test, these keys are already pre-filled by Rails. For production, you’ll see this in the file:

# Do not keep production secrets in the repository,# instead read values from the environment.production:secret_key_base:<%= ENV["SECRET_KEY_BASE"] %>

As the comment says, you should not just replace this with a secret key and keep
it in your repository. You should load it from the environment. You can do this
very easily with Rbenv, the Rbenv Vars plugin and Capistrano. Here’s how we do
it in Intercity:

1. Make Pusion Passenger use Rbenv

First, the passenger_root setting in our Phusion Passenger configuration
points to our Rbenv ruby. Here it is in our /etc/nginx/conf.d/passenger.conf.
If you manage your server with Intercity, this is already configured.

This will make Passenger use the correct Ruby version for each app. The Ruby
version is determined by setting it in the .ruby-version in your Rails app.

2. Installing the rbenv-vars plugin

The rbenv-vars plugin is the
important part. This plugin loads up all the environment variables from a
.rbenv-vars file into our app’s ENV hash. If you manage your server with Intercity the plugin is installed by default.

If you don’t have Rbenv yet you can install it by going into the plugins directory of your rbenv installation and cloning the plugin from GitHub, like so:

4. Deploy with Capistrano

The last thing to set up, is tell Capistrano that it needs to symlink the
shared/.rbenv-vars file into each of your deployments. So edit
config/deploy.rb
in your Rails app and modify the line with the linked_files setting:

set:linked_files,%w{config/database.yml .rbenv-vars}

Now deploy your application with Capistrano and your secrets.yml will use
ENV['SECRET_KEY_BASE'] that you specified in shared/.rbenv-vars.

You can now add more configuration keys or API keys to .rbenv-vars to use them in your app via ENV!

Michiel Sikkes

Subscribe via email

Automatically get new articles with product updates and Rails hosting best practices.